Things are not going pretty well for Big Basket. The company has already faced a hacking attack in November, and now again the online grocery company has encountered a cyber attack. The hacking group “Shiny Hunters” has leaked around 20 million Big Basket user data and made it available on Dark Web for free.
The leaked data includes personal information of the users such as email address, mobile numbers, residence address and even date of birth. The data also contains hashed passwords of the user account. As per reports, the database has a total size of 15 gb in SQL format. Interestingly, the data is free available for everyone to download on the illegal platform, Dark Web.
Alon Gal, CTO at Hudson Rock a high-fidelity cybercrime intelligence firm has come up on his twitter account and also shared the news.
Alon Gal in tweet says, (Twitter handle @UnderTheBreach):
Infamous threat actor "ShinyHunters" just leaked the database of "BigBasket, a famous Indian online grocery delivery service. (@bigbasket_com)
20,000,000+ clients affected and information such as emails, names, hashed passwords, birthdates and phone numbers were leaked.
Besides, Alon Gal has stated that the hashed passwords for the account security are not safe, and it is just plain texts for the hackers.
Shiny Hunters have been accused of another cyber attack earlier this month, where they have leaked Upstox database- one of the emerging share and stock trading online companies in India. Upstox had paid the ransom to the hackers to suspend the leaked data download link.
Furthermore, Rajshekhar Rajaharia reported to Moneylife that the recent BigBasket data breach is somewhat connected with the data breach that took place in November, and was itself confirmed by the online grocery service.
Earlier, Shiny Hunters have tried to sell the data at 15 paisa per lead or a total of INR 30 lakhs for the complete database.
Statement by BigBasket:
“The privacy and confidentiality of our customers are our priority and we do not store any financial data, including credit card numbers. And are confident that this financial data is secure,”
If you have an account with Bigbasket, we strongly advise you to immediately change your credentials and remove the payment options from there; delete the linked card information. Moreover, use unique passwords for different services. For instance, if you have the same password for BigBasket and your email, the hackers can access your email address too. Change it with immediate effect!
Indian School of Ethical Hacking is a trusted cyber security service in India. We are known for our advanced cyber security skills, and also provide ethical hacking training to young individuals and professionals.
Keep following ISOEH news and stay updated with cyber security trends. We bring you the latest updates from all around the globe.